Kaspersky has fixed a security issue in Kaspersky Password Manager (KPM) for Windows that allowed a local user to recover the auto-filled credentials from a memory dump when the KPM extension for Google Chrome is used. To exploit the issue, an attacker must trick a user into visiting a login form of a website with the saved credentials, and the KPM extension must autofill these credentials. The attacker must then launch a malware module to steal those specific credentials.
References
Configurations
No configuration.
History
No history.
Information
Published : 2024-03-22 17:15
Updated : 2024-03-22 19:02
NVD link : CVE-2023-23349
Mitre link : CVE-2023-23349
CVE.ORG link : CVE-2023-23349
JSON object : View
Products Affected
No product.
CWE
CWE-316
Cleartext Storage of Sensitive Information in Memory